Search Results

[@mrtoner]

#1

Modifications and Packages / Re: Stop Spammer

November 24, 2010, 02:29:51 PM by snoopy_virtual

@mrtoner

Be careful with the usernames.

It's better if you enter Admin => Members => Registration => Settings go down to the Mod Stop Spammer settings and un-check the checkbox "Check their username:"

If somebody have the IP or the email address in the spammers database you can be more or less sure they are spammers, but if it's only the username most likely they are not spammers at all.

For more info about this, search this thread for the "false positive" issue. We have talked a lot about it here.

I think I can reduce the number there by changing my CAPTCHA setting from Medium to High (I've already tried that and it appears to work), but the resulting image is so difficult to read that I'm afraid that will discourage legitimate registrations. (I know *I* have trouble reading it.) Is there any additional way to reduce the number of spam registrations?

My personal experience is that captchas don't stop spammers at all. Modern robots can pass even the more sophisticated captchas.

In all my forums I have these security programs installed:

• Crawltrack (Firewall, anti-hackers and statistics tool all-in-one)
• Mod httpBL (Anti-spammers)
• Mod Stop Spammer (This one)
• Anti-Spam Verification Questions (Anti-spammers)

You can see more info reading this:

http://www.simplemachines.org/community/index.php?topic=283309.msg2824757#msg2824757

And the answers following that one.

And also reading this:

http://www.snoopyvirtualstudio.com/tutoriales/index.php?estudio=httpBL_2

Just now I have 7 forums and the last time a spammer could get inside one of them was 2 months ago. And the last time a hacker managed to enter one of my servers was 2 years ago.

["false positive"]

#2

Modifications and Packages / Re: Stop Spammer

October 21, 2010, 08:43:53 AM by snoopy_virtual

Anyway, as I said a few minutes ago in reply #843 you can have a better view of all the things we have said about this if you search this topic.

Try for example with the keywords "false positive":

http://www.simplemachines.org/community/index.php?action=search2;search=false+positive;topic=283309

[automatically every time]

#3

Modifications and Packages / Re: Stop Spammer

September 24, 2010, 10:22:15 AM by snoopy_virtual

...
Allow me to select options, when the mod recognizes a username, IP, or email that exists in the stopforumspam database, to:

[ ] Add the username, IP, hostname, and/or email address to my forum's ban list
[ ] Report the username, IP, hostname, and email address to stopforumspam.com
[ ] Delete the account
...

I don't know if I have understood you properly.

Do you mean you want the mod to do this kind of actions automatically every time some data is found in the spammers database?

I f that's what you mean, it would be very dangerous, because still there are some "false positives" every now and then, so you could be deleting real "legal" users (not spammers).

Just in case somebody doesn't understand what I'm talking about, we call a "false positive" when the mod recognizes a new member as spammer but, after some investigation, you find out this one is not a spammer at all.

I'm not going to repeat here again all the possibilities and the reasons why some times we get "false positives", because we have discussed them here in this thread a lot of times.

Ideally the mod shouldn't do this kind of mistakes never and (if you read the full thread here) you can see, almost all the updates we have done to the mod since the first version, we have been trying to make this spammers recognizing system as perfect as possible, but unfortunately it's not 100% perfect yet and it still has some "false positives" every now and then.

So I think we have no other option but to check all the members recognized as spammers by the mod one by one to be sure they are really spammers.

=====================

...
Alternatively, the tool could add these to the "With Selected:" dropdown menu (Ban, Report, Reject/Delete)
...

I think this is already done.

I mean, it's not exactly in the dropdown menu, but next to it.

You can select as many members as you want and check them in stopforumspam database, report them or delete them.

The only new thing I see you are asking is to add also another button (or similar) to add selected members to your forum's ban list.

I have thought of doing this long time ago, but since I finished my other mod httpBL I stopped using a manual ban list.

With mod httpBL working on your forum there is no need to have a ban list. The bad guys ban themselves automatically and you don't need to keep banning them manually.

If you don't have this other mod you can find it here:

http://custom.simplemachines.org/mods/index.php?mod=2155

=====================

Again, as I said at the beginning, I don't know if I understood you properly.

If I didn't please forgive me and correct me.

#4

Modifications and Packages / Re: Stop Spammer

April 17, 2010, 03:04:36 PM by Robert A. Rosenberg

Secondly, I've had a few rouge registrations that are listed at stopforumspam.com etc. However, the mod doesn't seem to pick them up at the registration stage. If I manually check the user then it picks them up no problem and highlights them accordingly. Am I missing something here ?

Just wondered if anyone has any info on my question above. As mentioned, it doesn't seem to pick up dodgy members at the registration stage. yet if I run a "check" they are highlighted. Just wondered if I've missed understood how it works ? I thought it would pick them up at the registration stage and then mark them "for approval" ? That doesn't seem to be happening... 

While I can not help you with the issue of why the rogue user is not caught at registration time yet is immediately caught if you then select it for a recheck, this does raise an issue where I have with a feature I would like to see.

There are times when if I do the check at registration (or a recheck) I get a false positive on something like Username. In my case, I have a Dave where I get a Red Icon for the entry although the Email Address and IPN is not flagged.

It would be useful, if when I get an entry like this if I could flag it to say "Ignore this match on this field for this entry." This would still check the IPN and Email Address but NOT the Username for the entry on a recheck. Right now, the entry loses its authorization and must have it reissued.

Addition of this feature would allow periodical rechecks to catch entries that were OK at registration but went rogue after that (ie: Was not in the database at registration but now are). This would, I assume, require an additional flag for the entry which would be inspected at check time (if an entry is going to be marked bad) so this match can be overridden and the entry is left as good.

[for THAT Field of an entry]

#5

Modifications and Packages / Re: Stop Spammer

February 20, 2010, 01:06:23 PM by Robert A. Rosenberg

You can already turn off/on 'check username'.   

I don't think That's what Robert is saying.

Note this:

...
My fix is to add a field to the flags that highlight the name, email address, and IPN entries that says for THAT Field of an entry to ignore the match.
...
Note that this is NOT referencing the global switch to not check a filed for ALL users but just a setting in the user's entry to say to ignore the field.
...

It could be done (complicated but possible) but I don't think it will be practical.

You are saying:

...
not flag him again until there is an actual match on the email and/or IPN.
...

OK, but how can I tell the program to check again that user every now and then to see if the email or the IP are changing from good to bad?

Just now the program only check users automatically when they try to register. They are not checked again unless you do it manually. To change that I will need to change almost all the way the program works.

As you mentioned, I specifically excluded the use of the Global "Check User" switch since it would affect ALL users not only the one I was talking about. The idea is that when the user registers and gets the false positive, you can set a switch that so that if the user is checked again (see below) the user field was not be checked (or will be assumed to be a non-match). You state "It could be done (complicated but possible) but I don't think it will be practical". I do not see the complexity. You get the results back and at the point where you want to alter the icon, check a flag for that field in the user's record to see if it is set (which would trigger not showing the red icon). I have not looked at the code to see how practical this method would be so I am just raising the issue.

As to your comment about the effort to keep rechecking, I was only thinking of the manual check scenario and was not asking for an automated after the registration recheck (I am aware of how complex and time consuming this type of recheck would be). This would allow manual proactive rechecks of users who were not known spammers at registration and have not yet spammed to your forum but are now known to be rogue (ie: Would be flagged if they were attempting to register now).

Once they spam and thus out themself, you could do a manual check of them and if not on the list, report them. My flag would allow a manual scan of all the users (in batches) to see if anyone is now flagged and proactively remove them if you want before they spam you while ignoring the known invalid match during the rescan. This would allow the administrator on request to revalidate the members just like is suggested when you first activate the mod to find those spammers who registered on your board before activation of the mod.

#6

Modifications and Packages / Re: Stop Spammer

February 20, 2010, 12:08:41 AM by lc62003

In Reply #324 there was a discussion of the False Positive problem where a non-Spammer is being flagged just due to having  the same name as a spammer (in my case UserID Dave). I may be confusing the suggested fix in that reply with one from another message but in any case, I would like to suggest a possible solution (or support the one I think I remember). My fix is to add a field to the flags that highlight the name, email address, and IPN entries that says for THAT Field of an entry to ignore the match. In my case, for the user who is falsely having his userid made a red icon, be able to reset it to OK and say to not flag him again until there is an actual match on the email and/or IPN. Note that this is NOT referencing the global switch to not check a filed for ALL users but just a setting in the user's entry to say to ignore the field.

Thank You.

You can already turn off/on 'check username'.   

#7

Modifications and Packages / Re: Stop Spammer

February 19, 2010, 11:15:58 PM by Robert A. Rosenberg

In Reply #324 there was a discussion of the False Positive problem where a non-Spammer is being flagged just due to having  the same name as a spammer (in my case UserID Dave). I may be confusing the suggested fix in that reply with one from another message but in any case, I would like to suggest a possible solution (or support the one I think I remember). My fix is to add a field to the flags that highlight the name, email address, and IPN entries that says for THAT Field of an entry to ignore the match. In my case, for the user who is falsely having his userid made a red icon, be able to reset it to OK and say to not flag him again until there is an actual match on the email and/or IPN. Note that this is NOT referencing the global switch to not check a filed for ALL users but just a setting in the user's entry to say to ignore the field.

Thank You.

[Things to do in the near future:]

#8

Modifications and Packages / Re: Stop Spammer

February 12, 2010, 03:28:06 AM by snoopy_virtual

Added a Road map to the main page.

From now on, before you ask for a new feature or report a bug, you can check if it's already in the cue waiting to be done:

Things to do in the near future: (12th February 2010) ! Try to sort the "false positive" problem with SiL solution. (see reply #324 here) It looks promising. + Add the buttons to "Check" and "Report" members also to the pages "Waiting for approval" and "Waiting for activation". ! Sort the bug with the "Undefined index: types" reported many times. ! Sort the bug about the members count reported also many times. The main page is still telling you there are members waiting for approval even after you have approved or deleted all of them. * Modify the FAQ written by M-DVD 2 years ago. Delete obsolete ones and add new ones. * Find a way to complete the incomplete translations.

Legend * Feature to be Changed + Feature to be Added - Feature to be Eliminated ! Bug to be Fixed

This also will make things a lot easier for me, because I can see all of them together in one place and decide which one is more urgent. By the way, I have order them already in the list, so the first ones in there are the ones I'm going to do first.

Please check if I have forgotten anything in that list.

#9

Modifications and Packages / Re: Stop Spammer

February 09, 2010, 10:53:51 AM by EL34xyz

Well at least there is one other person that believes the mod should not be automatically making admin decisions.
reply #446 by Cranky old guy

Personally, I even if there is NOT an error with the DB connection, I don't want it to automatically de-activate someone because their username appears in the SFS database.  The chance of a name false-positive is fairly good, and I don't expect a LOOK AT THIS EXISTING MEMBER to suddenly de-activate them until I say so.

The mod will stay the way it is until enough users decide they want full control of their membership data base.

As I said, it's just an oppinion and oppinions are like Arsehales.
Everyone's got one, but yours stinks. 

[I believe the mod should check the spam data baseThe mod should report the results of the soam check.The Admin then makes a decision on what to do with those members.]

#10

Modifications and Packages / Re: Stop Spammer

February 09, 2010, 09:39:58 AM by EL34xyz

Why should I have to do that for 50+ false positive members every time I do a complete member check?

Look, it's just a difference of opinion.

I believe the mod should check the spam data base
The mod should report the results of the soam check.
The Admin then makes a decision on what to do with those members.

I don't believe that the mod should automatically remove membership status on legitimate members, just because their user name comes up as a false positive.
I don't want to stop checking user names in the spam database because that is just as valuable as the IP address and the email address check.

Again, it's just a difference of opinions here.
The Admin should be in charge of removing members, not the mod.

[Look, it's really very simple.]

#11

Modifications and Packages / Re: Stop Spammer

February 09, 2010, 08:07:41 AM by EL34xyz

Look, it's really very simple.
When checking all the members on my forum in the spam database.

The mod should not automatically change their member status to a non member status on all these false positive members.

This is a huge hassle for the admins of large forums that have a lot of members.
Why should I have to go and correct this situation every time I do a full membership check against the spam data base?
The admin should have the option to remove these false positives.

[The mod should check them in the database only and not change their status.]

#12

Modifications and Packages / Re: Stop Spammer

February 09, 2010, 07:50:46 AM by EL34xyz

Moving a member from 1 to 3 is deleting their member status.
They are no longer a member.
They are pottential applicants awaiting membership status.

The mod should not automatically do this to my members

When I check all my members, this mod will catch at least 50 or more false positive members.

The admin should be able to view these false positives and then make a decision.

The mod should check them in the database only and not change their status.

[This spam mod deletes the false positives members]

#13

Modifications and Packages / Re: Stop Spammer

February 09, 2010, 07:44:55 AM by snoopy_virtual

Snoop,
I don't care about false positives, you are missing the whole gist of how this bug operates.
And yes partial names are reported if that name is part of another name
That does not matter, this is the bug below.

This spam mod deletes the false positives members
The spam mod should not delete these false positive members automatically!

The is_activated status in the SMF database is changed from 1 to a 3 on these false positive members.

Do you understand this now?
Look at this screen shot

Yes I understand and this is not a bug.

I have it in my forums all the time.

I have a girl named Margarita in one of them. I know the girl and I know she is not a spammer.

The username Margarita is in SFS database.

If I make a mistake and I check this girl in my forum, her is_activated status in the SMF database is changed from 1 to a 3, so she passes to the "Waiting for approval" list.

That is what is called a false positive.

But the program doesn't delete her. I just need to go to the "Waiting for approval" list and approve her again.

If your mod is deleting them you must have something really wrong there.

Are you sure you have installed it properly?

[This spam mod deletes the false positives members]

#14

Modifications and Packages / Re: Stop Spammer

February 09, 2010, 07:28:21 AM by EL34xyz

Snoop,
I don't care about false positives, you are missing the whole gist of how this bug operates.
And yes partial names are reported if that name is part of another name
That does not matter, this is the bug below.

This spam mod deletes the false positives members
The spam mod should not delete these false positive members automatically!

The is_activated status in the SMF database is changed from 1 to a 3 on these false positive members.

Do you understand this now?
Look at this screen shot

[is_activated]

#15

Modifications and Packages / Re: Stop Spammer

February 08, 2010, 10:57:29 PM by snoopy_virtual

@EL34xyz

First of all I want to apologize for the way I talk.

This always give me problems with my students when they just met me. Usually the first year they are too scare to ask me questions, but after the first year, when they realize that I am not angry all the time but this is only the way I talk, they relax and then they just don't pay any heed to my shoutings and swearings and ironic comments.

I know I loose my temper too often, but that's the way I have always been and I don't think now that I'm 53 I can change that.

Anyway, sorry about that. I will try to keep it to the point. (As much as I can, at least.)



Now.

I understood what you were saying since the first time.

What I have been trying to tell you is that this is not a bug.

That's the way the mod is intended to work.

I think is you who don't understand how the mod works.

Let's see if I can explain it better:

Everytime a new member try to register or everytime you check an existing member the mod does exactly the same:

It takes the username, the IP and the email of the member trying to register (or the member you are checking) and compare them with the database inside the Stop Forum Spam servers. If any of the 3 things (doesn't matter which one of the 3) is already in SFS database it changes the value of is_activated to 3 (waiting for approval) and change the value of is_spammer to a number from 1 to 7, depending on which ones of the 3 things where already in the database.

I have no control at all over SFS servers or the way they build theirs database. In SFS I am just a normal member and the only thing I can do there is give them my opinion about how they should run their database, but I cannot force them to change it if they don't want.

I also think is wrong to have all these normal usernames stored as spammers, but as I said I cannot change that.

Even the IPs can also give you some wrong positives, as I was saying in reply #469

...
If it catches somebody because their IP can be 3 options:

• It's a spammer.
• It's a legal guy but the computer has a trojan and it's part of a botnet sending spam without the owner knowledge.
• It's a legal guy but he has a dynamic IP (the ones changing every time  you restart your router) and today he has an IP which uses to belong to a spammer.

So if your program catches as spammer somebody you are sure is a legal person, just because the IP, you should tell them so they can scan the computer looking for trojans (or just restart the router and get another IP).

If you are interested in this subject, I have written a lot about it.

For example:

http://www.snoopyvirtualstudio.com/trankos/portal/index.php?option=com_smf&Itemid=36&topic=297.msg1230#msg1230

http://www.snoopyvirtualstudio.com/tutoriales/index.php?estudio=httpbl

etc.

That's why I like better the way they deal with the IP problem in Project Honey Pot than how they do it in SFS. (That's why in all my forums I have 2 anti-spam programs, this one checking SFS and mod httpBL checking PHP and I always recommend everybody to do the same).

The only thing sure is the email.

If the email is in SFS database you can be 99% sure that guy is a spammer. (I leave 1% out just in case, because I suppose one of this days spammers will start using legal people email addresses and then we will have a real problem to differentiate them).

Anyway, going back to my main line of argumentation, I was saying I cannot change SFS database. We already had many times this argument about the usernames inside SFS forum and a lot of people ask them to erase from the database common usernames as the one you were saying (Madison) and many others.

I can understand they having in the database names like:

britney_spears_nude
free_viagra
etc

(Don't laugh, this 2 and many others with similar names had try to register in one of my forums)

But I don't understand why they keep names as Jimmy, Margarita, etc.

They say it's for practical reasons. Everyday a lot of new names are added to the database and they cannot have somebody checking every 2 minutes to erase the normal ones. And they say that anyway who is going to mark the line between what is a normal name and what is not. And they say etc etc.

So we just need to accept that they are not going to change that and that's it. Theirs database is not 100% perfect, but still it's one of the best anti-spam webs I know and my forums work a lot better with this mod.

Then, the only thing I can control is not the way SFS works, but the way this mod works and that's what I am doing..

We already had this argument about the false positives before a lot of times. Not only false positives due to username, but also the ones due to IP.

I don't know if you have read the full 25 pages of this post, but I have done it several times and I can give you a lot of examples of different opinions about it.

I could even send you copies of the PMs I sent to M-DVD and his replies talking about this since I started working with him more than a year ago. The problem is if I put all these copies together it will be a lot longer than this post. And anyway they are in spanish.

M-DVD's opinion was to keep the mod as simple as possible and he always said it was up to every admin to study every new catch the mod does and to decide if they will allow the new one inside the forum (approve it) or not (reject it).

One year ago I was doing just that.

Every day I was checking one by one every new catch.

The problem is I administer 10 different forums, and every one was catching every day around 10 spammers.

That's more or less a 100 to check every day. Too many.

That's why I started doing my other anti-spam mod using PHP database (when I say PHP I mean Project Honey Pot).

Now I only have to check 5 new spammers every day (counting all the forums together) and that's a lot easier to do, because the another one using PHP is fully automatic and you don't need to check anything. It even report itself new spammers and all, so you just need to install it and forget about it.

But I'm diverging again from the subject. Let's go back to the username false positive problem.

As I was saying, you can see if you read the post a lot of different options about it.

A month ago I added to the mod a possible solution that wasn't there in earlier versions:

If you are having too many false positives due to usernames or IPs you can go to the mod settings and tell the mod don't check any one of them you want.

Whatever the case I wouldn't recommend nobody to turn off the "check email" option. (For the reasons I stated above).

There is another possible solution another friend suggested (I haven't forgotten about you SiL) I still would like to try because I think is even better, but I haven't had time enough with all this problem with the yellow bug and all the writing I'm doing here lately.

Then now, trying to put it easier.

I understand you don't want to turn off the option to check usernames. I have it off in most of my forums because my experience tells me in all my forums all the false positives I had where due to usernames.

And anyway I don't really mind when a spammer register in one of my forums.

With the other anti-spam mod (the httpBL) usually it just goes as far as registering, but to actually be able to say something in one of the posts is almost impossible. They get caught in one of the honey pots sooner or later.

No one of them have been able to do it yet.

I suppose you have seen on top of my forum a sign encouraging them to try. 

(By the way, if anyone of you want to copy that picture for your own forum it's not copyrighted. It's copylefted. Even more, if you don't know how to put it in your forum to reflect the actual number of spammers caught by your mod, let me know and I will write a tutorial about it. Even more, you can see in my forum I have it in english and in spanish. If anyone of you wants to translate it to another language just let me know and I can send you the PSD file with all the layers ready to modify with Photoshop.)

I am diverging again.

Back to the point.

Then, as I was saying, if you don't want to turn that option off, then you need to remember that everytime a new guy try to register in your forum or everytime you check an existing member, the mod is going to check if the username is in SFS database. And if it's there, it's going put him "under approval" (is_active = 3) and it's going to change the value of is_spammer to a value different from 0

So, again:

If you know that Madison is a good guy and you don't want to mark him as spammer, don't check him with the option to check usernames on.

If you want me to take Madison's name from SFS sorry but I cannot do that.

Any other suggestions?

Ken what I mean?

Slange var 

[or thousands]

#16

Modifications and Packages / Re: Stop Spammer

February 05, 2010, 06:39:43 PM by CrankyOldguy

I'm not a programmer... maybe we can get some help here?  I've localized the problem, but I may not be able to fix it elegantly.
         
There are indeed 2 bugs with the current code.  When you are looking at members, it's walking the entire forum member list instead of only the 'checked' members.  That will be uglier to figure out & modify, although the example DELETE MEMBER code in ManageMembers.php should be a useful guide.  The problem area in the code starts at line 70 in StopSpammer.php.  That REALLY needs to be fixed, as I presume even when it's working 'properly' that it's hitting the SFS database with hundreds or thousands of requests that weren't intended.  Let's not do a DOS attack of them ourselves, K?

The second bug is that the checkDBSpammer function is using the three options of "what to do when a database connection fails" DURING REGISTRATION to modify a member's 'spammer status' when you are just looking at them in the Admin panel MANAGE MEMBERS area.  Those options are working fine during registration, but I don't want it to mark someone as SPAMMER while looking at the MANAGE MEMBER list merely because the database is offline.  That should always return the DATABASE CONNECTION ERROR message and then abort further processing.  Maybe an easy way to correct that is to add an IS_REGISTRATION variable to what's passed to the routine, and use that to do a RETURN 0; right after the failed connection test?  The problem is that lines 38-42 of StopSpammer.php are really only intended for REGISTRATION, and not for viewing the members.

Personally, I even if there is NOT an error with the DB connection, I don't want it to automatically de-activate someone because their username appears in the SFS database.  The chance of a name false-positive is fairly good, and I don't expect a LOOK AT THIS EXISTING MEMBER to suddenly de-activate them until I say so.
         
The problem where it wipes out all members only occurs if you have "If the Connection Fail with Anti SPAM DB" Admin panel setting set to "Member Approval and show yellow icon to check later"; the other two options do NOT cause an overwrite of the member database.  You can simulate a database connection error by changing the stopforumspam.com URL in line 28 of StopSpammer.php to anything that won't resolve, like xyzzy1.org  I've verified it, and can duplicate it repeatably.

Of course, DON'T simulate a connect error if you do not know how to quickly change all of your members back to ACTIVATED.   In phpMyAdmin, hit the SQL tab and enter the following:
UPDATE smf_members SET is_activated = REPLACE(is_activated,'3','1');
and then
UPDATE smf_members SET is_spammer = REPLACE(is_spammer,'8','0');


Can we stay on topic here, and not get into Robert's Rules of Order for Yahoo Groups?  Pretty please?   We'll get it fixed quicker if we don't hare off on wild unrelated tangents.

[SiL]

#17

Modifications and Packages / Re: Stop Spammer

December 26, 2009, 10:31:59 AM by snoopy_virtual

...

If I can point you to an extract from my previous request in October, and it is connected with the false positive issue - it is a suggestion for a slightly modified version of Nerd3D's request

...

etc etc

You are right SiL.

I remember when you did that suggestion last October.

The problem was at that time I was too busy with other things and M-DVD was doing this mod on his own. I didn't even have time enough to read properly all your suggestions and just did a mental note to study them later.

Now that it's the other way round (with M-DVD too busy with other things and me updating the mod on my own) I need to check again the full post to see if I have missed any more clever suggestions.



Going back to the false positive issue, I haven't seen yet in my forums any false positive due to IP, but of course they are possible, so I think we should take into consideration your solution as well.

The way I have done it just now following Nerd3D's suggestion (with 3 check-boxes to turn on and off the options to check username, email and IP) is not perfect, because if you turn off the option to check all IPs, you will open the door to your forum to a lot of spammers, but with your solution (let them in only if the IP was in the spammers DB but the username and email wasn't) I think it will be better.

I am not sure anyway if we can have both solutions at the same time or if we need to choose only one of them.

I will try to see if there is a way to put inside the mod's configuration both improvements, so everybody will be able to choose whatever works better for every particular forum.

If that's not possible and we can have only one of them, I think your solution is slightly better, but of course, before I can be sure about that, I need to see them working with real forums.

#18

Modifications and Packages / Re: Stop Spammer

December 25, 2009, 09:20:06 AM by SiL

OK, here's a feature request. Can we have on the prefs page check boxes for which fields to test. All my false positives are user name only. Can we in the mean time is there a not-too-complicated way to set this up. So it only checks IP and Email.

It looks like a great idea, and I don't think it's very complicated.

As I still have a few days left until I have access to the official page to upload  the final version 2.4 there, I can try to modify my temporary version to add also this feature in it.

I will tell you how it goes.

If I can point you to an extract from my previous request in October, and it is connected with the false positive issue - it is a suggestion for a slightly modified version of Nerd3D's request

I noticed a number of false positives based on username only - legitimate members may be using the same username as a spammer, but of course with a different ip address and email address.
Because of dynamic IP assignment the same can be true for IP address hits.
The spam check weights the detection flag as

email address = 4
username = 2
ipaddress = 1

Doing a quick check with an offline mirror of a forum database for 300-400 entries threw up
a number of false positives - these were almost always username only or ip address only.

So my thinking is the boundary between a false positive and a real positive spammer is the value "3" . If the "is_spammer" value is 1 {ip address - e.g. dynamic} or 2 {common username}, this is a warn, but no action required (registration allowed).  Any "is_spammer" value of 3 or higher is placed in the waiting list.

& how would this be useful? 

My suggestion would be to have a checkbox, maybe call it "strict" or "catch all" - if this is checked, an "is_spammer" value between 1 and 7 will satisfy the spammer criteria and user will be placed on waiting list to be checked/approved (this is how I understand the mod to currently work).
  however...

If the "catch all" checkbox is NOT checked, only spammers with an "is_spammer" value between 3 and 7 will be put on the waiting list.  Those users who are unlucky enough to have a common username shared with a spammer, but otherwise legitimate will be allowed through as normal.

{see original post for remainder of suggestion}

#19

Modifications and Packages / Re: Stop Spammer

October 26, 2009, 01:09:01 AM by SiL

SPAMMER CHECKING

I think I understand it a bit better now...

I noticed a number of false positives based on username only - legitimate members may be using the same username as a spammer, but of course with a different ip address and email address.
Because of dynamic IP assignment the same can be true for IP address hits.
The spam check weights the detection flag as

email address = 4
username = 2
ipaddress = 1

Doing a quick check with an offline mirror of a forum database for 300-400 entries threw up
a number of false positives - these were almost always username only or ip address only.

So my thinking is the boundary between a false positive and a real positive spammer is the value "3" . If the "is_spammer" value is 1 or 2, this is a warn, but no action required (registration allowed).  Any "is_spammer" value of 3 or higher is placed in the waiting list.

& how would this be useful? 

My suggestion would be to have a checkbox, maybe call it "strict" or "catch all" - if this is checked, an "is_spammer" value between 1 and 7 will satisfy the spammer criteria and user will be placed on waiting list to be checked/approved (this is how I understand the mod to currently work).   however...
If the "catch all" checkbox is NOT checked, only spammers with an "is_spammer" value between 3 and 7 will be put on the waiting list.
Those users who are unlucky enough to have a common username shared with a spammer, but otherwise legitimate will be allowed through as normal.

And to extend this option... to modify the Manage.members & Manage.members.template so that a quick search for users with a spammer value of 1 to 2 (warn) and 3 to 7 (spammer) can be done - (i've started to have a play with these files but my php coding is primitive, so it is just a bit of trial and error to get it right)
This way one can review the member database for alerts of users to watch. 

The underlying idea is so that legitimate users are not disadvantaged, and the admin/mod only has to go and approve/disapprove the obvious catches - in the end I think that this minor change would reduce the amount of checking and approval that a mod/admin would need to do, as it will get it right 95% of the time.

And if there was a false positive registered on the SFS site, which marked a legitimate user as a spammer (could happen), it would be nice to have an option to clear the "is_spammer" value - in the members view perhaps?

[No forum package, or any other package for that matter, will ever be entirely impervious to every possible attack no matter how well written.]

#20

Modifications and Packages / Re: Stop Spammer

May 19, 2009, 11:29:21 PM by M-DVD

The Dutch language file has a mistake in this line:

Code Select Expand

$txt['stopspammer_enable'] = 'MOD Stop Spammer' in/uitschakelen;

I think it should be:

Code Select Expand

$txt['stopspammer_enable'] = 'MOD Stop Spammer in/uitschakelen';

Yep, thanks for fix


--

Thanks a lot for this great mod.
With the recent attacks to SMF foruns, it is very useful.

Thanks for comment, I am glad for this MOD has been usefull in this "emergency".

--

Security mods including this one, were the first I installed when deploying my site and it appears my paranoia was well founded. No forum package, or any other package for that matter, will ever be entirely impervious to every possible attack no matter how well written.

Very true

PS: Thanks for your comment

--

There is currently no way to do it.

Remains in red to maintain this "data", but (if it is necesary) I could add the feature to "clean out" a user. (snoopy_virtual time ago suggested me this case)

That would be great!

Ok, in the next version I will add this feature.

Also it would be nice to choose how to scan.. now i have several accounts for approval, simply because the name is listed... but they are very common names like Daisy or something... It would be great to have an option to only check for IP and mail adress and not on name...

I sorry, I will not make it. I think it would be "work used" for compromises the functionality and security that has the MOD. (Many spammers would can be catched only by the name).

In contrast, one feature of the MOD, is that the administrator can take control of all blocks, so you can check if there are false positive (which in my opinion, is the smallest of the cases).

But, If you don't like check the user name, then you can do this manual change:

Search in $sourcedir/Subs-Members.php

Code Select Expand

$remoteXML = 'http://www.stopforumspam.com/api?' . ('127.0.0.1' != $check_ip ? "ip={$check_ip}&" : '') . 'username=' . urlencode($check_name) . '&email=' . $check_mail;

Replace by:

Code Select Expand

$remoteXML = 'http://www.stopforumspam.com/api?' . ('127.0.0.1' != $check_ip ? "ip={$check_ip}&" : '') . '&email=' . $check_mail;

And it would be nice to have an option to check all members.. since i now have 2000+ members and it will take me ages to scan everyone manual...

Currently you can do massive check, with one button.

In: Admin > Members > View All Members

Select the users suspects and then make Click in Check Button.

More massive? All the users? It isn't recomendable, the process could fail for timeout.

But... most of all.. thank you for this wonderfull mod!!! Im shur this will add more safety..

Your welcome

--

Yes, an option to sort by the red icon would be great, i have 5000+ users and it's not easy to search through the entire list.
Anyway, it would be just an addon, since the mod works fine.

Sort by Red Icon could be many work I shouldn't do it for short or medium term.

In contrast, you can found easily the "Red Icon User" in the List:

Admin > Members > Awaiting Approval



Then, this feature I think isn't urgent (or innecesary)

Thanks for your comment